eBay Hacked, Urges All Members to Change Passwords Immediately

Yahoo ^ | May 21, 2014 | Jason O. Gilbert

[kingattax]

The online auction and sales giant eBay posted a message Wednesday morning saying that it had been hacked, urging all of its members to change their passwords.

The company said in a statement that a database containing encrypted passwords had been breached, but that financial data, including credit card information, was stored separately and was still safe. Hackers were able to gain access to eBay employee log-ins, eBay said, which in turn gave them access to the encoded passwords.

eBay says that no unauthorized transactions have yet been made with the information. But if you’re an eBay user, you still definitely need a new password.

“[C]hanging passwords is a best practice,” the statement said, “and will help enhance security for eBay users.”

[Minutemen]

Gee, you’d think Ebay could email us or contact us members
directly about a security breach? It’s not like they have no
way to find us....Right?

This supposed breach of security allededly happened
months ago. I call B.S. on this.

[Durus]

I’ve never read that Citi was hacked. Target wasn’t hacked as much as an admin password was “found”, regardless they read passwords directly from databases, not through users password field entry.

[EDINVA]

I went to my ebay account and had a “message” ... there were two notices; one that we’re going to ask customers to change PW; the next, we are asking. Says they think the hacking was done in Feb/Mar. I changed my ebay PW early May, so may just stick with what I’ve got.

[TruthWillWin]

Could not change mine, forgot it.

[Rashputin]

Three companies, Citibank being one of them, had their DB hacked due to someone starting with a program that captured input from both users and administrators who were logging in over the web (which I would have thought wouldn't be permitted or would be more secure than HTTPS for admins, so go figure, maybe he didn't want to give details).

People with privilege logging in remotely having their passwords captured was the root of the problem.

My daughter is finishing up her Masters in Computer Forensics and Security and got all this from a lecture she attended recently, beyond that I don't recall the specifics. I'll take her word as being correct, you take my word as being BS, we'll both be happy.

[Redcitizen]

I put 15 bucks in the mail with attn: Up Yours Marxists written on each 5 dollar bill. I’m sure it will get to you soon.

[roadcat]

Could not change mine, forgot it

Don't you hate when that happens? There are times when I tried for weeks to remember a password, trying every variation of a common set of characters and phrases I use. For eBay, I haven't changed my password for a dozen years now. Guess it's time, as long as I record it in a safe place (which I will misplace).

[Rashputin]

They "think" it was done a few months ago? Talk about shutting the barn door after the horse is out.

They're also taking their time sending that message out, too, although I guess they batch them out or something. I change my passwords every month or so anyway and my current one is less than a month old.

Once we shoot 90% of the lawyers and impose real costs and penalties on those who file fraudulent damage claims some company will be honest enough to just say, "we had our security improperly configured last Tuesday so everyone should probably change their password just in case we were hacked last Tuesday".

Until then, I guess they play CYA with a "we think we were hacked a few months back" message.

[Gene Eric]

Prolly best to request a new temporary password right away by selecting “Forgot Password” during the login process.

[Hetty_Fauxvert]

Thanks for the heads up! Changing mine right now.

[lulu16]

I’ve tried to change my password for an hour. You have to receive a notice in your email in order to complete the reset. Mine has not come. They have my email address blocked out for the most part in their message, but the last part of it is wrong. I wonder if it was sent somewhere else, or that is part of the hacking scheme.

Anybody else having this problem. Or what else can I do?

[Hetty_Fauxvert]

When I went to the site to change my password (and I did see a notice at the site that I should change my password, though I never got one in my email — thanks, eBay!), I was not able to change it on my first attempt. A notice popped up that if I needed help with my password changing, to contact Customer Service. I imagine if you toodle around on the site for a while (be sure to check the very bottom of pages, since that’s where they put the stuff they don’t want you to see) you can find Customer Service and get them to help you. Luck!

[Durus]

I have been in IT for 25 years and security has been my primary responsibility in the past. As such I will take the industry analysis at face value rather than the 3rd hand word of some IT teacher, not to disparage you or you daughter of course.

Best of luck to your Daughter. It's a crazy (sometimes literally) industry.